A scope generation tool for Burp Suite & ZAP
--resolveConflicts (Resolve all exclude conflicts (Say 'Y' to all))
--avoid3P (Avoid all third party resources (Say 'Y' to all))
X-Auth-Token in H1_TOKEN environment variable
-u|--url flags to obtain scopes from bug bounty programs.
-u|--url for HackerOne programs.
-b|--burp flag is no longer needed as results are output as Burp-compatible JSON by default.
-o|--outfile is no longer required as results are saved to a default filename in the working dir.
internal/ rather than project root.
File configs/services which lists a bunch of service names and ports. With this, rescope is able to identify ports for targets that have schemes but no port specified. For now this is used when parsing to Burp. Example:
ftps://example.com => port: 990
https://example.com:21 => port: 443,21
Port 80,443 to Burp scope when identifier has no scheme and no port. This'll prevent people from touching ports that're otherwise (not clearly defined) out of bounds. Example:
example.com => port: 80,443
.* extension, that also has multiple wildcards in domain did not parse correctly.
--raw that outputs naked (in-scope) definitions to file. Useful in working with other tools and programs.
--name specified
www.*.example.com and *.*.example.com should now parse correctly.
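The port rules described in these notes, written out as an added Go example (this is not rescope's own code). The services map is a constructed stand-in for configs/services and scopePorts is a hypothetical helper; rejecting an unknown scheme that has no port, and scoping a bare host:port to that port only, are assumptions the notes do not state.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed stand-in for a service-name-to-port table (not rescope's configs/services).
var services = map[string]string{"http": "80", "https": "443", "ftp": "21", "ftps": "990"}

// scopePorts (hypothetical helper) returns the ports a scope identifier allows.
// IPv6 literals are not handled in this sketch.
func scopePorts(identifier string) ([]string, error) {
	scheme, rest, hasScheme := strings.Cut(strings.ToLower(identifier), "://")
	if !hasScheme {
		scheme, rest = "", scheme // no scheme: the whole identifier is host[:port][/path]
	}
	host, _, _ := strings.Cut(rest, "/") // drop any path
	explicit := ""
	if i := strings.LastIndex(host, ":"); i >= 0 {
		n, err := strconv.Atoi(host[i+1:])
		if err != nil || n < 1 || n > 65535 {
			return nil, fmt.Errorf("invalid port in %q", identifier)
		}
		explicit = strconv.Itoa(n)
	}
	var ports []string
	if hasScheme {
		if p, ok := services[scheme]; ok {
			ports = append(ports, p) // scheme's service port always counts
		} else if explicit == "" {
			// Assumption: refuse to guess rather than widen the scope.
			return nil, fmt.Errorf("unknown scheme %q and no port in %q", scheme, identifier)
		}
	}
	if explicit != "" && (len(ports) == 0 || ports[0] != explicit) {
		ports = append(ports, explicit)
	}
	if len(ports) == 0 {
		ports = []string{"80", "443"} // no scheme, no port: web ports only
	}
	return ports, nil
}

func main() {
	for _, id := range []string{"ftps://example.com", "https://example.com:21", "example.com"} {
		ports, err := scopePorts(id)
		fmt.Println(id, "=> port:", strings.Join(ports, ","), err)
	}
}
```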